2009-07-28

There are a few firewall front ends for iptables available on Linux, both GUI (Graphical User Interface) and CLI (Command Line Interface). FireStarter's GUI is easy to use and configure. The only problem is that it does not work properly with PPTP VPN dial-up: it blocks the GRE protocol. It does provide a workaround (don't ask, it is too painful to remember), but the steps are too tedious and involve a mixture of command-line and GUI setup, and this kind of setup always spells trouble.

Shorewall is another firewall interface that operates on the CLI. This is taken from Shorewall's introduction:

"The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities."

Shorewall makes configuring an iptables firewall easy: you describe the rules and interfaces in a few files and the firewall is ready to go. Shorewall's website also provides extensive documentation on how it works and how to set it up.

This post is intended to set up Shorewall in a few simple steps, and thus it is not really suitable for a medium to large enterprise. Here it is:

2009-07-19

UPDATE: After testing PC-BSD for a while (more than 6 months), PC-BSD is indeed a FreeBSD variant that is superior in a desktop environment. Its user-friendly installation and configuration have made FreeBSD so much more suitable for running as a desktop. Unless you're interested in figuring out how to tweak and turn FreeBSD to work as a desktop, give PC-BSD a try, you'll love it!
Check it out at the PC-BSD website!!!

2009-07-18

A reminder to myself on how to disable the keyboard beep sound (it serves as an alert) that plays whenever an error occurs on the console command line. It is controlled by a sysctl value. To stop it now on all consoles, execute:

sysctl hw.syscons.bell=0

To make it permanent, so that the beep sound is disabled every time FreeBSD boots:

2009-07-16

FreeBSD is getting more and more attention due to its stability and (well done) documentation. Geeks and nerds are getting their hands into installing FreeBSD onto their desktop or laptop. Some might ask "Eh ??? Why ain't ya mentioning the servers? Is BSD.". Sound card, sound card belongs to multimedia. It's mostly meant for entertainment, so it's gonna stay on the "personal" thing, e.g. personal computer, laptop, notebook, rig, moo or whatever you call it. :p

Back to the topic. This post will try to demo how to install a sound card driver on FreeBSD.

2009-07-10

The nature of FreeBSD is so rock-solid stable that some system administrators adopt the philosophy "if it ain't broken, don't fix it"; others beg to differ. Upgrading & patching of servers should be diligently carried out so that security vulnerabilities are minimized (who can be sure their servers are 100% secure ???), new application features are introduced (which geek doesn't like new stuff ???) & performance increases (meaner & leaner :) ). Patching can only be done up to a certain level; beyond that, the kernel and base system need to be compiled and built to get the latest patches or upgrades.

Regular upgrades of the FreeBSD kernel and base system are a good way to follow the support schedule. It means that your server will have a longer life span in production. Not because of some latest OS "GUI" release that demands more RAM for the "processor hungry monster" that lies beneath it. But rather, it fixes bugs in the applications, gives you new functions and makes your hardware work harder & faster.

There are some hiccups to take note of. As with all OS upgrades, the server will experience uptime interruption (aka server downtime). Scenarios such as:

:- The performance of the server is greatly drawn down by the upgrade process, which impacts the usual services the server runs. Thus the server fails to respond to users in time, affecting the normal operation of the business.

:- The upgrade breaks the kernel or base system and the server fails to boot.

:- After the first boot following the upgrade, the applications fail to compile properly and, as a result, the services fail to start.

:- This is your first FreeBSD upgrade and you can't predict what will happen, and hiccups just like to happen at these times. :p

All of the above can be avoided as long as the points below are observed:

Plan and schedule the upgrade with adequate time so that even if hiccups happen, there is ample time to solve them.

Plan a trial server upgrade or mock run of the upgrade to anticipate what hiccups might happen and test the solutions. Restore the server backup onto other hardware, a virtual machine or a sandbox to test the server upgrade. Note down every step and retry it if time permits to minimize the hiccups.

This is the most important one. Backup/restore: always perform a full system backup with no less than 1 day of difference. The shorter the time between the backup and the upgrade, the faster and more painless the restore process is. This also means shorter downtime.

2009-07-02

Data are all around servers. To name a few: file server, email server, LDAP server, web server, DNS server, and these are just a few essential servers that make up part of the IT section of your company. ERP, CRM, financial projection systems, database servers, and accounting & payroll systems are examples of business applications. Imagine what happens if "some" of this data is lost. It is also worth mentioning that data is so valuable to the company that partial loss of it might break your business continuity !!!

Most company operations depend on the data in these servers to make decisions. Data in the servers has never been so important.

Server data disaster recovery planning is a vital process in system administration. It directly shows how well the system administrators understand the importance of their role in the business. Reasons for data loss can be classified into 2 main categories: natural disasters and man-made disasters. Natural disasters that cause data loss include floods, earthquakes, fire hazards, etc. Examples of man-made disasters (aka PBKC, which denotes Problem Between Keyboard and Chair :p ) are hacking activities, accidental data deletion or overwriting, and server maintenance, e.g. patching, upgrades, development, moving to a bigger hard disk, etc.

Disaster recovery involves planning, backup & restore. Planning needs to identify which data is crucial to back up and how frequently it should be backed up. The next consideration is what media the data should be saved to. Generally, an external hard disk (e.g. USB) or network-based storage (e.g. file server, ssh server, NAS, SAN) is the cheapest & fastest way to store the data. But if the data is to be archived, it should go onto media such as tape, CD, DVD and other optical media. Lastly, all planning and backup of the data should always be tested against restoration, or else why even plan to save it. :)

This post will concentrate on how to prepare for server disaster recovery on a FreeBSD server. Do take note that database backup is not covered in this post, as database backup itself already has a few strategies to look at.
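
The point above about always testing backups against restoration can be automated. The following is an added example, not code from the original post: it archives a directory with tar, then restores the archive into a scratch directory and compares SHA-256 checksums against a manifest taken at backup time. The function names and the manifest-beside-archive layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): back up a directory with tar,
# then prove the archive restores by comparing SHA-256 checksums.
# Function names and the "<archive>.manifest" layout are assumptions.

# hash_file FILE: print "<sha256> <path>" (Linux: sha256sum, FreeBSD: sha256 -r).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        sha256 -r "$1"
    fi
}

# make_manifest DIR: one checksum line per regular file, in a stable order.
# Paths containing newlines are not supported.
make_manifest() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do hash_file "$f"; done )
}

# backup_dir SRC ARCHIVE: record the manifest first, then write the archive.
backup_dir() {
    make_manifest "$1" > "$2.manifest" &&
    tar -czf "$2" -C "$1" .
}

# verify_restore ARCHIVE: restore into a scratch directory and compare the
# restored files with the manifest. Returns 0 only on an exact match.
verify_restore() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/restore.XXXXXX") || return 2
    if tar -xzf "$1" -C "$scratch" 2>/dev/null &&
       make_manifest "$scratch" | cmp -s - "$1.manifest"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return "$rc"
}
```

For example, `backup_dir /usr/local/etc /backup/etc.tgz && verify_restore /backup/etc.tgz`, where both paths are placeholders.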